The Cybersecurity 202: Our Expert Network Says it's Time for More Cybersecurity Regulations

The time has come for government to mandate that companies vital to U.S. national and economic security meet basic cybersecurity standards, according to a vast majority of cybersecurity experts. 

That assessment from 86 percent of the Cybersecurity 202 Network comes as the government reels from the Colonial Pipeline ransomware attack, which disrupted gasoline sales and prompted panic buying in the southeastern United States, and the JBS ransomware attack that raised fears of a meat shortage. 

Similar attacks — in which hackers lock up the victim’s computer systems and demand a hefty payment to unlock them — have hit hospitals, schools, state and local governments and a slew of vital industries. But only a handful of the 16 industry sectors that government deems most critical to national and economic security are required by the government to meet minimum cybersecurity requirements. 

The survey findings reflect an emerging new consensus that the light-touch approach simply isn’t sufficient to keep the nation safe. 

“Critical infrastructure is exactly that — critical — and we can't afford it being taken down or made unavailable because of a cyber incident,” said Chris Painter, the State Department’s top cyber official during the Obama administration.

Chris Finan, an Obama administration national security official, called the current state of cybersecurity protections in critical industries “a clear market failure that will only be remedied with regulation.”


  • Jeff Greene, the director of the National Institute of Standards and Technology’s National Cybersecurity Center of Excellence who has been detailed to President Biden’s National Security Council, discusses Biden’s recent cybersecurity executive order at a National Security Institute event on June 18 at 1 p.m.

Read more at: The Washington Post